National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,696 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2019-5503

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-3975

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-16106

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-15896

An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-14730

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-14729

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 5.5 MEDIUM
CVE-2019-14728

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-14727

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-14726

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 6.5 MEDIUM
CVE-2019-14723

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account.

Published: September 10, 2019; 12:15:12 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-14722

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account.

Published: September 10, 2019; 12:15:11 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-14721

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.

Published: September 10, 2019; 12:15:11 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 5.5 MEDIUM
CVE-2019-12401

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it?s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.

Published: September 10, 2019; 11:15:11 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-16202

MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.

Published: September 10, 2019; 10:15:10 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2017-18611

The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18610

The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18609

The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18608

The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18607

The avada theme before 5.1.5 for WordPress has CSRF.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-18606

The avada theme before 5.1.5 for WordPress has stored XSS.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM